PSD2 and the Cyber Security Related Challenges Facing the
Financial Services Sector
Roderick Hodgson, Director
Contact details:
Email: r.hodgson@securechorus.org
Mobile: +44 (0)7500828852
Agenda
1. Secure Chorus: our story
2. PSD2: a changing industry
3. PSD2: cybersecurity requirements
4. Open standards for securing data and assuring the identity of interfaces
5. Secure Chorus: addressing the requirements of PSD2
Secure Chorus: our story
An industry-led initiative since 2012
Secure Chorus brings together vendors, operators and system integrators to develop a global interoperable &
secure multimedia communications ecosystem of products and services to simplify inter-organisational
communications in enterprise and government.
We are an independent, not-for-profit membership organisation
Secure Chorus Ltd was incorporated in September 2016. Prior to that date it was an informal industry group
meeting on a regular basis since the beginning of 2012 and including NCSC, Vodafone, O2, BAE Systems,
Leonardo, Armour Communications, Cryptify, SQR Systems and Serbus.
Our members & observers
Our members include vendors and users of secure communications ranging from governments, supranational
organisations and major corporates to SMEs and start-ups. Secure Chorus also welcomes observers such as
regulators, academic institutions, standards organisations and trade associations.
Our user members
Secure Chorus’ membership enables our user members to tap into the talent, experience and passion of our
vendors, to address the biggest secure multimedia communication challenges on their mind. Purchasing Secure
Chorus Compliant Products will result in lower costs, increased capability and higher aggregate security for
users.
Our work
We work together with our vendors to develop interoperability standards for secure communication to meet the
requirements of a wide range of use cases. Uniquely, we go beyond the technology and seek to establish a
mutually beneficial ecosystem model amongst our community of vendors and users.
PUBLIC SAFETY
FINANCIAL SERVICES
PROFESSIONAL SERVICES
HEALTHCARE
• Secure Chorus was primarily designed to support the UK government requirement for secure
communications. This includes a range of applications including PUBLIC SAFETY.
• Since then there has been interest from security-conscious enterprises with similar requirements. This
includes FINANCIAL SERVICES, PROFESSIONAL SERVICES and HEALTHCARE SECTORS.
PSD2: a changing industry
The Payment Services Directive
Harmonizing regulation across Europe
Opening the marketplace to new participants
Changing trends
GEOGRAPHICAL EXPANSION TOWARDS EU-WIDE MARKETS
THE GROWTH OF FINTECH AND NEW BUSINESS MODELS
PSD2 expands the directive’s scope, clarifies the exceptions from it, and strengthens security and customer authentication.
Third-party providers: definitions
Account Information Services Providers (AISPs) allow payment service users to have an overview of their financial
situation at any time, hence allowing users to better manage their personal finances.
[Diagram: USER, AISP, BANK A, BANK B]
Payment Initiation Services Providers (PISPs) allow consumers to pay via simple credit transfer for their
online purchases, while providing merchants with the assurance that the payment has been initiated so that
goods can be released, or services provided without delay.
[Diagram: USER, PISP, BANK, MERCHANT]
Banks will open their IT infrastructure to third-party payment providers.
Businesses must implement the right technical solutions to achieve the goals of
the regulation, while safeguarding their users’ data and the trust their users
have placed in them.
PSD2: cybersecurity requirements
PSD2: regulatory requirements
Security of credentials (Article 66, 67)
PSD2 requires that a user’s personalised credentials are kept secure and transmitted from a PISP or AISP to the
issuer of such credentials in safe and efficient channels.
Traceability (Article 72)
In the event of disputes, payment service providers will need to provide evidential records. This shows a key
requirement for the maintaining of auditable records, which need to meet the other articles’ requirements on
security.
Auditability (Article 95)
Payment service providers will need to ensure they can appropriately monitor, assess and audit their
cybersecurity capability, and respond to cybersecurity incidents with appropriate processes.
Authentication (Article 97)
Account service providers will need to authenticate not only the users, but all third-party services they share data
with.
PSD2: The regulatory technical standards
Regulatory technical standards on authentication and communication (Article 98)
The European Banking Authority will draft Regulatory Technical Standards (RTS) addressing secure open
standards of communication and the protection of users’ data.
The RTS must not prescribe the use of any specific industry standard of internet communication.
PSD2: The regulatory technical standards
The RTS highlights the need for:
• Security measures
• Open standards for secure communication
Security measures
Security and traceability
• Confidentiality of personalised security credentials must be ensured; to do so, processing and routing of the
data, including the delivery to third parties, needs to be done in secure environments.
• Detailed logging of the transaction, ensuring that full knowledge of all events relevant to any electronic
transactions performed via this mechanism can be obtained by authorised parties.
Open standards for secure communication
Interfaces
• Banks must provide an interface, ideally dedicated to this purpose
• Use of secure communication standards which are open and widely available, including strong and widely
recognised encryption techniques
• Qualified certificates must be used to authenticate services against one another
Open standards for securing and assuring the identity of interfaces
The need for interoperable and open standards
KNOWN AND OPEN SPECIFICATIONS
Allows for assessment that the technology meets the desired security requirements
COMPLIANCE ASSESSMENT
INTEROPERABILITY
OPERATING BEYOND THE PERIMETERS OF AN ORGANISATION
Processing payment data, credentials and personal data within the security perimeter of the
organisations and beyond
Identity-based public key cryptography: a unique approach
DATA SECURITY, TRACEABILITY, SCALE
END-TO-END ENCRYPTION
Can be used in a variety of environments, both at rest (e.g. storage) and in transit (e.g. network systems)
ENTERPRISE CONTROLLED ACCESS TO DATA
Full control of the system security and ability to comply with auditing requirements through a managed
and logged process.
IDENTITY BASED PUBLIC KEY
Encryption for a user’s identity in a PSP while also providing authentication of the PSP from which the data
has originated, without the need for a complex supporting infrastructure.
Secure Chorus: Addressing the requirements of PSD2
Secure Chorus: standards
INDUSTRY OPEN STANDARDS
Based upon COMMUNICATION and CRYPTOGRAPHY STANDARDS documented by international standards
bodies (IETF and 3GPP). An open-source code library is available.
SECURE CHORUS OPEN STANDARDS
Our members collaborate to develop open INTEROPERABILITY STANDARDS that will allow their
products to interoperate.
INTEROPERABILITY
TELECOMS (SIP/VoIP, OPUS)
END-TO-END ENCRYPTION (MIKEY-SAKKE, SRTP)
Secure Chorus: Secure Chorus Standards
DATA SECURITY, DATA OWNERSHIP, INTEROPERABILITY, SCALE, IMPLEMENTATION AGNOSTIC, FLEXIBILITY
END-TO-END ENCRYPTION
Can be used in any environment without needing trust, both at rest (e.g. storage) and in transit (e.g. network systems)
ENTERPRISE CONTROLLED ACCESS TO DATA
Full control of the system security and ability to comply with any auditing requirements through a managed
and logged process.
KEY MANAGEMENT SERVER
Secure Chorus KMS approach simplifies inter-organisational communications, without bringing external users
into internal security perimeters
ANY PLATFORM OR INFRASTRUCTURE
Users have the freedom and flexibility to deploy platforms and infrastructure to meet their requirements.
IDENTITY BASED PUBLIC KEY
Does not require expensive and complex supporting infrastructure for distributing credentials,
allowing for at-scale implementation.
REAL-TIME & DEFERRED COMMUNICATION
Supports both real-time communications (such as one-to-one and multi-party calls) and deferred delivery
(such as messaging and voicemail).
Secure Chorus: our approach
Ecosystem Model, Community, Technology Innovation, Thought Leadership
We offer an ecosystem of interoperable secure communications products and services to have communications
available to only those who need to know.
We improve the value proposition of our vendors’ products and services. We offer to our users higher
aggregate security.
We tap into the talent, experience and passion from our vendors, operators and system integrators to address
the biggest secure communication challenges on the minds of our users.
By harnessing the collective strength of our members, we keep the need for secure communication at the heart of
enterprise governance across sectors globally.
info@securechorus.org
www.securechorus.org
White paper available at:
www.securechorus.org/resources/
Secure Chorus Ltd
Level39
One Canada Square
London E14 5AB
Social Media
linkedin.com/company/secure-chorus-ltd
twitter.com/SecureChorus

 

PSD2 and the Cyber Security Related Challenges Facing the Financial Services Sector

  • 1. PSD2 and the Cyber Security Related Challenges Facing the Financial Services Sector 1 Roderick Hodgson, Director Contact details: Email: r.hodgson@securechorus.org Mobile: +44 (0)7500828852
  • 2. Agenda 2 1. Secure Chorus: our story 2. PSD2: a changing industry 3. PSD2: cybersecurity requirements 4. Open standards for securing data and assuring the identity of interfaces 5. Secure Chorus: addressing the requirements of PSD2
  • 4. 4 An industry-led initiative since 2012 Secure Chorus brings together vendors, operators and system integrators to develop a global interoperable & secure multimedia communications ecosystem of products and services to simplify inter-organisational communications in enterprise and government, We are an independent, not-for-profit membership organisation Secure Chorus Ltd was incorporated in September 2016. Prior to that date it was an informal industry group meeting on a regular basis since beginning of 2012 and including NCSC, Vodafone, O2, BAE Systems, Leonardo, Armour Communications, Cryptify, SQR Systems and Serbus. Our members & observers Our members include vendors and users of secure communications ranging from governments, supranational organisations and major corporates to SMEs and start-ups. Secure Chorus also welcomes observers such as regulators, academic institutions, standards organisations and trade associations. Secure Chorus: our story
  • 5. 5 Our user members Secure Chorus’ membership enables our user members to tap into the talent, experience and passion of our vendors, to address the biggest secure multimedia communication challenges on their mind. Purchasing Secure Chorus Compliant Products will result in lower costs, increased capability and higher aggregate security for users. Secure Chorus: our story We work together with our vendors to develop interoperability standards for secure communication to meet the requirements of a wide range of use cases. Uniquely, we go beyond the technology and seek to establish a mutually beneficial ecosystem model amongst our community of vendors and users. Our work
  • 6. 6 PUBLIC SAFETY FINANCIAL SERVICES PROFESSIONAL SERVICES HEALTHCARE • Secure Chorus was primarily designed to support the UK government requirement for secure communications. This includes a range of applications including PUBLIC SAFETY. • Since then there has been interest from security-conscious enterprises with similar requirements. This includes FINANCIAL SERVICES, PROFESSIONAL SERVICES and HEALTHCARE SECTORS. Secure Chorus: our story
  • 7. PSD2: a changing industry
  • 8. The Payment Services Directive 8 Harmonizing regulation across Europe Opening the marketplace to new participants Payment Services Directive
  • 9. GEOGRAPHICAL EXPANSION TOWARDS EU-WIDE MARKETS THE GROWTH OF FINTECH AND NEW BUSINESS MODELS Changing trends 9 PSD2 expands the directive’s scope, it clarifies the exceptions from it and it strengthens security and customer authentication
  • 10. 10 Account Information Services Providers (AISPs) allow payment service users to have an overview of their financial situation at any time, hence allowing users to better manage their personal finances. USER AISP BANK A BANK B Third-party providers: definitions
  • 11. 11 Payment Initiation Services Providers (PISPs) allow consumers to pay via simple credit transfer for their online purchases, while providing merchants with the assurance that the payment has been initiated so that goods can be released, or services provided without delay. USER PISP BANK Third-party providers: definitions MERCHANT
  • 12. Banks will open their IT infrastructure to third-party payment providers. Businesses must implement the right technical solutions to achieve the goals of the regulation, while safeguarding their users’ data and the trust their users have placed in them.
  • 14. PSD2: regulatory requirements
      • Security of credentials (Articles 66, 67): PSD2 requires that a user’s personalised credentials are kept secure and transmitted from a PISP or AISP to the issuer of such credentials through safe and efficient channels.
      • Traceability (Article 72): In the event of disputes, payment service providers will need to provide evidential records. Maintaining auditable records is therefore a key requirement, and those records need to meet the other articles’ requirements on security.
      • Auditability (Article 95): Payment service providers will need to ensure they can appropriately monitor, assess and audit their cybersecurity capability, and respond to cybersecurity incidents with appropriate processes.
      • Authentication (Article 97): Account service providers will need to authenticate not only the users, but all third-party services they share data with.
  • 15. PSD2: The regulatory technical standards. Regulatory technical standards on authentication and communication (Article 98): The European Banking Authority will draft Regulatory Technical Standards (RTS) addressing secure open standards of communication and the protection of users’ data. The RTS must not prescribe the use of any specific industry standard of internet communication.
  • 16. PSD2: The regulatory technical standards. The RTS highlights the need for: security measures; open standards for secure communication.
  • 17. Security measures: security and traceability
      • Confidentiality of personalised security credentials must be ensured; to do so, processing and routing of the data, including the delivery to third parties, needs to be done in secure environments.
      • Detailed logging of the transaction, ensuring that authorised parties can obtain full knowledge of all events relevant to any electronic transactions performed via this mechanism.
  • 18. Open standards for secure communication: interfaces
      • Banks must provide an interface, ideally dedicated to this purpose.
      • Use of secure communication standards which are open and widely available, including strong and widely recognised encryption techniques.
      • Qualified certificates must be used to authenticate services against one another.
  • 19. Open standards for securing and assuring the identity of interfaces
  • 20. The need for interoperable and open standards. Themes: compliance assessment, interoperability.
      • Known and open specifications: allows for assessment that the technology meets the desired security requirements.
      • Operating beyond the perimeters of an organisation: processing payment data, credentials and personal data within the security perimeter of the organisations and beyond.
  • 21. Identity-based public key cryptography: a unique approach. Themes: data security, traceability, scale.
      • End-to-end encryption: can be used in a variety of environments, both at rest (e.g. storage) and in transit (e.g. network systems).
      • Enterprise controlled access to data: full control of the system security and ability to comply with auditing requirements through a managed and logged process.
      • Identity based public key: encryption for a user’s identity in a PSP while also providing authentication of the PSP from which the data has originated, without the need for a complex supporting infrastructure.
  • 22. Secure Chorus: Addressing the requirements of PSD2
  • 23. Secure Chorus: standards
      • Industry open standards: based upon communication and cryptography standards documented by international standards bodies (IETF and 3GPP). An open-source code library is available.
      • Secure Chorus open standards: our members collaborate to develop open interoperability standards that will allow their products to interoperate.
      • Interoperability: telecoms (SIP/VoIP, OPUS); end-to-end encryption (MIKEY-SAKKE, SRTP).
  • 24. Secure Chorus: Secure Chorus Standards. Themes: data security, data ownership, interoperability, scale, implementation agnostic, flexibility.
      • End-to-end encryption: can be used in any environment without needing trust, both at rest (e.g. storage) and in transit (e.g. network systems).
      • Enterprise controlled access to data: full control of the system security and ability to comply with any auditing requirements through a managed and logged process.
      • Key management server: the Secure Chorus KMS approach simplifies inter-organisational communications, without bringing external users into internal security perimeters.
      • Any platform or infrastructure: users have the freedom and flexibility to deploy platforms and infrastructure to meet their requirements.
      • Identity based public key: does not require expensive and complex supporting infrastructure for distributing credentials, allowing for at-scale implementation.
      • Real-time & deferred communication: supports both real-time communications (such as one-to-one and multi-party calls) and deferred delivery (such as messaging and voicemail).
  • 25. Secure Chorus: our approach. Themes: ecosystem model, community, technology innovation, thought leadership.
      • We offer an ecosystem of interoperable secure communications products and services to have communications available to only those who need to know.
      • We improve the value proposition of our vendors’ products and services. We offer to our users higher aggregate security.
      • We tap into the talent, experience and passion from our vendors, operators and system integrators to address the biggest secure communication challenges on the minds of our users.
      • By harnessing the collective strength of our members, we keep the need for secure communication at the heart of enterprise governance across sectors globally.
  • 26. info@securechorus.org, www.securechorus.org. White paper available at: www.securechorus.org/resources/. Secure Chorus Ltd, Level39, One Canada Square, London E14 5AB. Social media: linkedin.com/company/secure-chorus-ltd, twitter.com/SecureChorus